Skip to content

Google Auth issue #6652

New issue
New issue
Closed
Closed
Google Auth issue#6652
@SebC99

Description

@SebC99
SebC99
opened on Apr 27, 2020

Issue Description

When using Google Sign-In to authenticate users on Parse, the adapter is automatically used without any needed configuration, but:

  • it's using a development method to authenticate the user's token as stated in google documentation

An easy way to validate an ID token for debugging is to use the tokeninfo endpoint. Calling this endpoint involves an additional network request that does most of the validation for you, but introduces some latency and the potential for network errors.

  • there's no clientId validation to ensure the token is from our app
  • the sessions that are created are marked as createdWith { "action": "signup", "authProvider": "password"} instead of a google provider

Does someone is using Google Sign-In in production?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions